Repository GPG Error

If none of the more specific forums is the right place to ask

Repository GPG Error

Postby stretch99 » 2017-07-19 20:42

Hello all,

I'm pretty new to Debian and even Linux as a whole. After evaluating all the different distros for my switch from the world of windows I chose Debian because I liked it's simplicity, reliability, security, and most of all the philosophy behind it. I started on Jessie just a few months ago and had no problems installing it and setting it up to my liking. I am however having some problems with a fresh install of stretch. The problem is a GPG error of some sort when updating from the repositories. I have tried editing permissions in the trusted.gpg file to be able to be read by the user and group accounts (only root can after fresh install), and I also tried installing the public gpg keys listed in the error to no avail, and have also tried installing the complete debian and debian-archive keyrings which didn't solve the problem either. I have also tried installing dirmngr which was not installed either, but that didn't fix the issue either. This is the error that I get after apt-get update:

Code: Select all
Ign:1 http://debian.mirror.constant.com/debian stretch InRelease
Get:2 http://debian.mirror.constant.com/debian stretch-updates InRelease [88.5 kB]
Hit:3 http://debian.mirror.constant.com/debian stretch Release                         
Err:2 http://debian.mirror.constant.com/debian stretch-updates InRelease               
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Err:4 http://debian.mirror.constant.com/debian stretch Release.gpg             
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1 NO_PUBKEY EF0F382A1A7B6500
Get:5 http://security.debian.org stretch/updates InRelease [62.9 kB]           
Ign:5 http://security.debian.org stretch/updates InRelease
Fetched 62.9 kB in 0s (74.1 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://debian.mirror.constant.com/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://debian.mirror.constant.com/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1 NO_PUBKEY EF0F382A1A7B6500
W: GPG error: http://security.debian.org stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: The repository 'http://security.debian.org stretch/updates InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: Failed to fetch http://debian.mirror.constant.com/debian/dists/stretch-updates/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: Failed to fetch http://debian.mirror.constant.com/debian/dists/stretch/Release.gpg  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1 NO_PUBKEY EF0F382A1A7B6500
W: Some index files failed to download. They have been ignored, or old ones used instead.



Any help with this would be greatly appreciated! Hopefully someone out there knows how to fix this.
Last edited by stretch99 on 2017-07-19 23:50, edited 1 time in total.
stretch99
 
Posts: 3
Joined: 2017-07-19 20:31

Re: Repository GPG Error

Postby Lysander » 2017-07-19 20:55

Interesting. Can you please open a terminal and enter the following

Code: Select all
cat /etc/apt/sources.list && ls /etc/apt/sources.list.d/


And post the result in code tags.
User avatar
Lysander
 
Posts: 332
Joined: 2017-02-23 10:07
Location: London

Re: Repository GPG Error

Postby stretch99 » 2017-07-19 23:52

Lysander wrote:Interesting. Can you please open a terminal and enter the following

Code: Select all
cat /etc/apt/sources.list && ls /etc/apt/sources.list.d/


And post the result in code tags.


Thanks for the reply. This is the result.

Code: Select all
# deb http://ftp.us.debian.org/debian/ stretch main

deb http://debian.mirror.constant.com/debian/ stretch main contrib non-free
deb-src http://debian.mirror.constant.com/debian/ stretch main contrib non-free #Added by software-properties


# stretch-updates, previously known as 'volatile'
deb http://security.debian.org/ stretch/updates main contrib non-free

deb http://debian.mirror.constant.com/debian/ stretch-updates main non-free contrib
base.list  base.list.save
stretch99
 
Posts: 3
Joined: 2017-07-19 20:31

Re: Repository GPG Error

Postby pylkko » 2017-07-20 05:11

Other people have been reporting errors with apt due to keys. I have not have time to look into it but see:
https://lists.debian.org/debian-user/20 ... 00219.html

here is another one:
https://lists.debian.org/debian-user/20 ... 00467.html

apparently /etc/apt/trusted.gpg has become corrupted, sometimes being an empty file.

what do you get from
Code: Select all
apt-key list
?
User avatar
pylkko
 
Posts: 1174
Joined: 2014-11-06 19:02

Re: Repository GPG Error

Postby stretch99 » 2017-07-20 21:12

pylkko wrote:Other people have been reporting errors with apt due to keys. I have not have time to look into it but see:
https://lists.debian.org/debian-user/20 ... 00219.html

here is another one:
https://lists.debian.org/debian-user/20 ... 00467.html

apparently /etc/apt/trusted.gpg has become corrupted, sometimes being an empty file.

what do you get from
Code: Select all
apt-key list
?



Code: Select all
/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid           [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub   rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
      75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid           [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
--------------------------------------------------------
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
      067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
uid           [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2012-04-27 [SC] [expires: 2020-04-25]
      A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553
uid           [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
-------------------------------------------------------
pub   rsa4096 2012-05-08 [SC] [expires: 2019-05-07]
      ED6D 6527 1AAC F0FF 15D1  2303 6FB2 A1C2 65FF B764
uid           [ unknown] Wheezy Stable Release Key <debian-release@lists.debian.org>


Seems to have only the archive-keyring even though I had used apt-get install debian-keyring along with apt-get install debian-archive-keyring
stretch99
 
Posts: 3
Joined: 2017-07-19 20:31

Re: Repository GPG Error

Postby luedtke » 2017-08-13 16:04

The same problem ist discussed there:
viewtopic.php?f=5&t=133569

In my opinion, the GPG error threatens the integrity of any Debian Stretch installation.
luedtke
 
Posts: 4
Joined: 2017-08-12 19:39

Re: Repository GPG Error

Postby L_V » 2017-11-08 08:45

Be carefull with the Debian documentation which seems to be obsolete on this subject: https://wiki.debian.org/SecureApt

Code: Select all
sudo apt-key update

Warning: 'apt-key update' is deprecated and should not be used anymore !
Note: In your distribution this command is a no-op and can therefore be removed safely.
W: The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file has an unsupported filetype.

It seems now recommended to use dirmngr , but not sure of it.
L_V
 
Posts: 694
Joined: 2007-03-19 09:04


Return to General Questions

Who is online

Users browsing this forum: No registered users and 5 guests

fashionable